Authentication generally refers to the process of establishing an identity of an individual or more generally to a process of establishing a claim that something is true. The type of authentication required in any given situation can vary widely. Many situations may require strict and multi-faceted authentication while other situations have less stringent authentication requirements.
There are various factors that can be used to establish identity or to establish that something is what it claims to be. Common factors used during authentication include ownership, knowledge, and inherency factors. Ownership factors often refer to something that a user possesses, such as a card or a token. Knowledge factors refer to something that is known to the user, such as a password. Inherency factors often relate to something about the user, such as a fingerprint or a retinal pattern.
While it may be desirable to establish an authentication process that requires at least two of these factors, this may not always be possible or practical. Many websites, for instance, rely on knowledge factors alone to authenticate users, although some websites use other factors in their authentication processes.
For example, a website may offer users the ability to establish accounts with the website. When an account is initially established, the user may be asked to provide sensitive or private information (e.g., date of birth, credit card number, etc.). This information may be stored by the website in the user's account.
One of the steps performed in establishing the account is the selection of a username and a password, which are an example of knowledge factors. Future access to the account is governed by the username/password combination.
When access to the account is requested, the website must ensure that the user attempting to access the account is, in fact, the authorized user of the account. When the user provides the correct username and password associated with his or her account, the user is authenticated and the website provides access to the account.
There are other situations where ownership factors are used for authentication purposes. Ticketing systems, for instance, often use bar-codes when selling tickets to an event as well as when checking tickets at the event. In this sense, the possession of a ticket with a valid bar-code authenticates the user as having a valid ticket to enter the event. Biometric authentication, which is an example of inherent factors, may be used in ATMs and other mission-critical systems.
Authentication may also be required when entering a building or other area where access is controlled. Access to restricted areas, for instance, is often controlled using some type of authentication. In some instances, a third party is often needed to record the authentication conducted by an authentication system. The foregoing examples illustrate that authentication systems are not limited to online scenarios.
One drawback of conventional authentication schemes is that many devices are not equipped with the proper equipment. Many devices simply do not have the capability, for example, to obtain a retinal scan or read a bar-code. As a result, many authentication systems have little applicability outside of a specific system. An authentication system for systems and services used around the world is not worth the cost if it is only installed in some devices.